WO 03/085479 



CLAIMS: 



PCT/IB03/01103 



1 . Apparatus for rendering user data, comprising: 

a drive unit (2) comprising: 

- means (21) for receiving encrypted user data and key data, 

- means (22) for decrypting said user data using said key data, 
5 - means (24) for re-encrypting said decrypted user data, 

- means (26) for transmitting said re-encrypted user data from said drive unit 
(2) to an application unit (3), 

- means (27) for decrypting encrypted application data received from said 
application unit (4), and 

10 - means (20) for transmitting said decrypted application data to a render unit 

(4) for rendering said application data, 

an application unit (3) comprising: 

- means (31) for decrypting said re-encrypted user data, 

- means (32) for reproducing said decrypted user data into application data, 
15 - means (33) for re-encrypting said application data, and 

- means (34) for transmitting said re-encrypted application data from said 
application unit (3) to said drive unit (2), 

a render unit (4) for rendering said application data. 

20 2. Apparatus according to claim 1, wherein said drive unit (2) and/or said 

application unit (3) comprises means (23, 25) for calculating decryption and/or re-encryption 
keys. 

3. Apparatus according to claim 1, further comprising a digital connection (80, 

25 81, 82) between said application unit (3) and said drive unit (2) and between said drive unit 
(2) and said render unit for transmitting said application data in digital form. 



4. 



Apparatus according to claim 1, further comprising: 
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- a digital connection (80, 81) between said application unit (3) and said drive 
unit (2) for transmitting said application data between said application unit (3) to said drive 
unit (2) in digital form, 

- a digital-analogue-converter in said drive unit for converting said digital 
5 application data into analogue application data, and 

- an analogue connection (82) between said drive unit (2) and said render unit 
(4) for transmitting said analogue application data from said drive unit (2) to said render unit 
(4). 

10 5. Apparatus according to claim 1, wherein said drive unit (2), said application 

unit (3) and said render unit (4) are part of a computer (1). 

6. Apparatus according to claim 1, wherein said encrypted user data are stored on 
a recording medium (5) and wherein said recording medium (5) is an optical recording 

15 medium, in particular a CD, DVD or DVR disk, storing audio, video and/or software data. 

7. Apparatus according to claim 1, further comprising device revocation means 
(8) for checking if the application unit (3) and/or the drive unit (2) have been compromised 
and for revoking a compromised application unit (39 and/or drive unit (2). 

20 

8. Apparatus according to claim 1, wherein said drive unit (2) further comprises 
copy protection means (28), in particular a watermark detector, for checking if said received 
application data have been tampered with. 

25 9. Drive unit for use in an apparatus for rendering user data as claimed in claim 

1, comprising: 

- means (21) for receiving encrypted user data and key data, 

- means (22) for decrypting said user data using said key data, 

- means (24) for re-encrypting said decrypted user data, 

30 - means (26) for transmitting said re-encrypted user data from said drive unit 

(2) to an application unit (3) for decrypting said re-encrypted user data, reproducing said 
decrypted user data into application data and re-encrypting said application data, 

- means (27) for decrypting encrypted application data received from said 
application unit (3), and 
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- means (20) for transmitting said decrypted application data to a render unit 
(4) for rendering said application data. 

10. Application unit for use in an apparatus for rendering user data as claimed in 
5 claim 1, comprising: 

- means (31) for decrypting re-encrypted user data received from a drive unit 
for receiving encrypted user data and key data, decrypting said user data using said key data, 
re-encrypting said decrypted user data and transmitting said re-encrypted user data from to 
said application unit, 

10 - means (32) for reproducing said decrypted user data into application data, 

- means (33) for re-encrypting said application data, and 

- means (34) for transmitting said re-encrypted application data to said drive 
unit for decrypting said encrypted application data and for transmitting said decrypted 
application data from said drive unit to a render unit for rendering said application data. 

15 

1 1 . Method of rendering user data, comprising the steps of: 

- receiving encrypted user data and key data by a drive unit (2), 

- decrypting said user data using said key data, 

- re-encrypting said decrypted user data, 

20 - transmitting said re-encrypted user data from said drive unit (2) to an 

application unit (3), 

- decrypting said re-encrypted user data, 

- reproducing said decrypted user data into application data, 

- re-encrypting said application data, 

25 - transmitting said re-encrypted application data from said application unit (3) 

to said drive unit (2), 

- decrypting encrypted application data, 

transmitting said decrypted application data from said drive unit (2) to a render unit (4), and 

- rendering said application data. 

30 

12. Computer program comprising program code means for implementing the 
steps of the method as claimed in claim 1 1 when said method is run on a computer. 



